dockerfile.best-practice.missing-apk-no-cache.missing-apk-no-cache
returntocorpAuthor
unknown
Download Count*
License
This apk command is missing '--no-cache'. This forces apk to use a package index instead of a local package cache, removing the need for '--update' and the deletion of '/var/cache/apk/*'. Add '--no-cache' to your apk command.
Run Locally
Run in CI
Defintion
rules:
- id: missing-apk-no-cache
patterns:
- pattern: |
RUN apk $COMMAND ...
- pattern-not: |
RUN apk $CMD ... --no-cache ...
languages:
- dockerfile
message: This apk command is missing '--no-cache'. This forces apk to use a
package index instead of a local package cache, removing the need for
'--update' and the deletion of '/var/cache/apk/*'. Add '--no-cache' to
your apk command.
severity: INFO
metadata:
source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3019
references:
- https://github.com/hadolint/hadolint/wiki/DL3019
category: best-practice
technology:
- dockerfile
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
missing-apk-no-cache.dockerfile
FROM alpine:3.7
# ruleid: missing-apk-no-cache
RUN apk update \
&& apk add foo=1.0 \
&& rm -rf /var/cache/apk/*
# ruleid: missing-apk-no-cache
RUN apk add --update foo=1.0 \
&& rm -rf /var/cache/apk/*
# ok: missing-apk-no-cache
RUN apk add --no-cache foo=1.0
# ok: missing-apk-no-cache
RUN apk add --no-cache --update foo=1.0
# ok: missing-apk-no-cache
RUN apk add --update --no-cache foo=1.0
# ruleid: missing-apk-no-cache
RUN apk add --virtual .build-deps \
gcc \
freetype-dev \
musl-dev
# ok: missing-apk-no-cache
RUN apk add --no-cache --virtual .build-deps \
gcc \
freetype-dev \
musl-dev
Short Link: https://sg.run/Njv7